Very often, the card reading devices in self-service terminals are a primary target for manipulation-attempts and skimming-attacks. This is because a user, attempting to use the self-service terminal that in particular can be an ATM, requires a banking-card that usually comprises a chip and/or a magnet strip on which card data including the personal customer and account access data are stored. Unfortunately, self-service terminals are becoming subject of manipulation by third persons who try to obtain these data in a criminal manner. Amongst other techniques they try to insert a spy-device into the card-slot of the card reading device in an inconspicuous manner, wherein this spy-device is capable to directly read out the magnetic strip or to attach to an internal interface (such as an USB-interface) of the card reading-device. This shall finally realize a readout of the banking-card data in order to make an illegal copy of the card. Moreover, skimming-attempts are known in which an alien card reader is attached to the card reading device as an unobtrusive superstructure, capable to e.g. send the read out card data via a radio transmission. If the frausdster is also capable to obtain the personal identification number (so-called PIN) of the card he/she can easily withdraw money from accompanying account. Moreover, skimming-attacks are known in which an internal interface directly simulates/pretends a card reading process and thus manipulates the software control of the self-service terminal or ATM.
Moreover, direct trapping of a card is another known attack scenario. Within this trapping scenario a superstructure is mounted in front of the card reading device to steal the card. This superstructure comprises a “Lebanese loop” extending towards the card reading device and being mounted directly behind the card insert slot and having a flap which only allows one way insertion of the card. Once a customer inserts a card, said card is captured and trapped by the Lebanese loop; the flap blocks the card from being ejected. By this behaviour of the apparatus the user believes his/her card that a (rightfully) withheld or retract of the card occurs. Then he/she consequently leaves the self-service terminal. In the following the frauder or deceiver takes the card together with the superstructure.
In order to detect card trapping, the process of card-retract has been modified in the prior art. The card is first retracted, then driven out and then retracted again by the card reading device. If this procedure is not possible in a perfect manner, i.e. ejecting a card is not possible, it can be assumed that a card theft has been attempted. However, this security procedure/approach increases the transaction time at the device.
It is also known to counteract such manipulation attempts of self-service terminals be using sensors. The German patent application DE 196 05 102 A1 discloses to use one or more infrared sensors for safeguard the self-service terminal, wherein the signals of these sensors are processed by an evaluator device to detect superstructures.
In the German patent application DE 10 2008 012 231 A1 a protection device is proposed that comprises a protection-shield-generator and a connected induction coil to create an electromagnetic protection shield that covers the electromagnetic fields which are created during (illegally) reading-out the card and therefore influence/interfere the functionality of the alien card reading device (spy-device) such that it fails to deliver useful data. To avoid that the deceiver may detect this protection device, the electromagnetic protection-field is generated with a special protection signal simulating a standard card-reading signal that only contains unuseful psuedo-data. However, this protection device can not be used to avoid or impede such skimming-attempts that are directly targeted to the interior of the card reading device and e.g. receive signals from an inserted spy-device or even from an interior data interface.
In this context there is also to mention the German patent application DE 10 2009 019 708 A1 which discloses to create a stray or noise field via permanent magnets that are moved by piezo-elements, in order to generate an induced magnetic alternating field which effectively interferes the skimming card reading device while reading-out the data. Furthermore the European patent application EP 1 394 728 A1 is cited in which supersonic sensors are disclosed to detect an attached superstructure to the self-service terminal. But also these solutions are not capable to avoid or impede skimming-attempts that occur in the interior of the card reading device.
In the US patent application US 2006/0249574 A1 the misuse of a card is mentioned, but not a manipulation within the interior of the card reading device as such. Herein, it is proposed to equip the card with a microcontroller and an encryption function (cf. FIG. 2). For the power supply of the microcontroller there are photovoltaic or piezo-electric components proposed. However, monitoring of or defense against skimming-attempts via sensors is not described.
Furthermore, it is well known to protect devices that are commonly used to store money or valuables, in particular vaults or bank-vaults with sensors. For instance the German patent application DE 2 318 478 A1 discloses a monitoring system for a strongroom, in which supersonic-sensors are used to determine motions therein via the Doppler-effect. Another disclosure that is relying on an ultrasonic alarm mechanism is disclosed in the German patent application DE 2 617 467 A1.
Accordingly, conventional self-service terminals comprise a card reading device into which a card can be inserted that contains data to be read, wherein the self-service terminal comprises at least one sensor for defense against manipulation attempts and an evaluator device. However, these solutions are not capable for protection against manipulations attempts that aim on the interior of the card reading device.
Therefore, it the object of the present invention to further develop a card reading device as mentioned before in order to be capable to protect against manipulation attempts and skimming-attacks at the interior of the card reading device or at least make such attempts more difficult. Also a self-service terminal being equipped with such a card reading device and a method to monitor such a self-service terminal is provided.